SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#297363

PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution

Overview

Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server.

I. Description

PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium, Netscape and iPlanet, OmniHTTPd and others. Vulnerabilities in the php_mime_split function may allow an intruder to execute arbitrary code with the privileges of the web server. For additional details, see
Web servers that do not have PHP installed are not affected by this vulnerability.

II. Impact

Intruders can execute arbitrary code with the privileges of the web server, or interrupt normal operations of the web server.

III. Solution

Upgrade to PHP version 4.1.2, available from http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz. If upgrading is not possible, apply patches as described at http://www.php.net/downloads.php:


If you are using version 4.20-dev, you are not affected by this vulnerability. Quoting from http://security.e-matters.de/advisories/012002.htm, "users running PHP 4.2.0-dev from cvs are not vulnerable to any of the described bugs because the fileupload code was completly rewritten for the 4.2.0 branch. "
If upgrading is not possible or a patch cannot be applied, you can avoid these vulnerabilities by setting file_uploads = Off in the php.ini file for version 4.0.3 and above. This will prevent you from using fileuploads, which may not be acceptable for your operation. 

Systems Affected
VendorStatusDate NotifiedDate Updated
Apache Software FoundationVulnerable27-Feb-2002

References


http://security.e-matters.de/advisories/012002.html
http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.1.x.gz
http://www.php.net/do_download.php?download_file=rfc1867.c.diff-4.0.6.gz
http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz

Credit

Our thanks to Stefan Esser, upon whose advisory this document is based.

This document was written by Shawn V. Hernan.

Other Information

Date Public:2002-02-27
Date First Published:2002-02-27
Date Last Updated:2002-02-27
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:55.08
Document Revision:7

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2002 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader